- Community Home
- >
- Software
- >
- HPE OneView
- >
- Is CVE-2023-38408 fixed?
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-21-2024 11:08 PM - last edited on 07-22-2024 09:07 PM by support_s
07-21-2024 11:08 PM - last edited on 07-22-2024 09:07 PM by support_s
Dear all,
is CVE-2023-38408 (CVE - CVE-2023-38408 (mitre.org)) already fixed, and if so, in which version?
Although we are running the latest version 9.0, our security scanner is referring to that CVE, since it detects an openssh version 7.4 inside the oneview appliance. I could not find any information about that CVE, neither in this forum nor on the internet.
Best regards
rd-Linux
Solved! Go to Solution.
- Tags:
- bios
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-22-2024 08:08 AM
07-22-2024 08:08 AM
Re: Is CVE-2023-38408 fixed?
The only official communication is found here: https://support.hpe.com/hpesc/public/docDisplay?docId=sd00001284en_us&page=GUID-F7F6CB78-93EF-4F6F-8B45-B3847F06A9AB.html
CVE-2023-38408:
HPE OneView does not support SSH forwarding so its not affected, again false positive based only on openssh version
All scanners that report solely based on version will trigger many false positives where HPE OneView is not vulnerable.
I work at HPE
HPE Support Center offers support for your HPE services and products when and how you need it. Get started with HPE Support Center today.
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-22-2024 08:51 AM
07-22-2024 08:51 AM
Solution[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-22-2024 10:49 PM
07-22-2024 10:49 PM
Re: Is CVE-2023-38408 fixed?
Thanks for your replies.
As suggested, we will mark that finding as a false-positive.